August 15, 2022
According to security weakness hunters at Cyble, over 9,000 exposed VNC (virtual network computing) endpoints are exposed on the internet without authentication.
VNC (virtual network computing) is a platform-independent system that can help users connect to systems that require monitoring and adjustments.
VNC grants users control over a remote computer via the RFB (remote frame buffer protocol) over a network connection.
According to the researchers, the most exposed endpoints are in China and Sweden. Other countries that made it to the top 5 list are the United States, Spain and Brazil. Most attempts to access VNC servers came from the Netherlands, Russia and the United States.
These vulnerable endpoints could serve as entry points for unauthorized users, including threat actors with malicious targets.
Exposed VNCs are widely targeted by attackers. Using its cyber intelligence tools on 5909, Cyble researchers discover that there were over six million requests within a month.
To protect VNC, administrators are advised never to expose servers directly to the internet. If they need to be remotely accessible, they must be placed behind a VPN.
Administrators should also provide instances with a password to restrict access to the VNC servers.
The sources for this piece include an article in BleepingComputer.
